Our sex lives and fantasies are some of the most private things about us. These are details we normally wouldn't share even with our closest friends and relatives, let alone sleazy cybercriminals with malicious intentions.
But imagine a complete stranger taking over your pleasure toy and using it to access your most intimate secrets. Or, even worse, literally trapping intimate parts of your body, leaving you no possibility to break free. Sounds like a horror movie? Unfortunately, it would be one based on a true story.
Qiui’s Cellmate is a chastity belt your partner can lock and unlock remotely through a special mobile application. With a tap of a button, someone can lock up your genitals in a metal ring. That might be fun if it’s someone you can trust – but can you be sure they're the one in control?
A few days ago, researchers found that Qiui’s Cellmate chastity sex toy has a severe security flaw. If exploited, it would allow hackers to remotely lock you in the belt. Because it does not have a manual unlock function, the only way to set its user free is to saw it apart.
The threat lies in the application programming interface that connects the app with the belt. Having hacked the application, cybercriminals can take over your sex toy and steal all your private data from the app, such as connection times, your location, passwords, and more.
Luckily, no one is known to have suffered such an attack yet, as the company fixed the flaw in time. But this vulnerability opens potentially dangerous opportunities for hackers to infiltrate our most private moments.
Previous sex toy hacks
Hackers exploiting sex toys is not a new concept. Here are some of the most famous recent hacks:
- “Panty Buster” hack. A few years ago, researchers discovered vulnerabilities in “Panty Buster” sex toys sold under the Vibratissimo brand. Hackers could use a back door to access user data, including images, chat logs, sexual orientation, passwords, and more. The flaw also allowed hackers to take control of the device by exploiting its Bluetooth connection. What’s more, the device had a dedicated social network, where users could communicate with each other and stream their videos. This added another layer of vulnerability. Fortunately, the issues were solved with updates, but before this was done, at least 50,000 users had details of their intimate lives leaked;
- Bluetooth-enabled butt plug hack. Hush, the world's first remotely controlled teledildonic butt plug developed by Lovense, was found to have a flaw that allowed hackers to intercept its Bluetooth connection. Anyone within the range of the Bluetooth signal could easily control the device, all thanks to its Bluetooth Low Energy function. While the function saves energy, it is also very insecure and susceptible to man-in-the-middle attacks;
- Dildo camera hack. In 2017, researchers from Pen Test Partners discovered a vulnerability in Svakom Siime Eye, a dildo that has an integrated camera and allows users to stream videos to anyone. The problem was that anyone within the device's Wi-Fi range could access the videos and the dildo’s unprotected web server if they could guess the device password. The default password was “88888888”, so it was not very difficult to crack. Having accessed the web server, snoopers could also take full control of the device's firmware.
Sex toys have become part of the network of internet of things (IoT) devices and can be hacked the same way that any other IoT device can. Moreover, they can not only expose the most intimate details of your life to a stranger with unclear intentions, but also become a gateway to other devices or even your whole network. Most modern sex toys have sophisticated technological features, such as Wi-Fi connection, webcams, and even AI-powered biofeedback, and should be treated seriously in terms of cyber threats.
Here are a few measures you can take to avoid such exploits:
- Constantly change your passwords and use strong ones, making sure they include a combination of letters, numbers, and special characters. Also, create a different password for each of your devices. Our NordPass tool can help you create complex passwords and will memorize them for you;
- Always update your devices. Manufacturers are usually quick to patch vulnerabilities with the latest updates. When you forget to update your software, you leave yourself vulnerable to threats;
- Create a separate local area network for your IoT devices. By doing this, you will isolate them from your primary network, keeping them safe in case someone were to intrude on it;
- Secure your router with a VPN. The VPN will protect traffic on all the devices within your network, preventing cyber-snoopers from intercepting it;
- Secure your Bluetooth connection.